apache · heguanhui · May 25, 2026 · morrySnow · May 26, 2026 · heguanhui
diff --git a/...ore/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropRowPolicyCommand.java b/...ore/src/main/java/org/apache/doris/nereids/trees/plans/commands/DropRowPolicyCommand.java
@@ -70,16 +70,19 @@ public void doRun(ConnectContext ctx, StmtExecutor executor) throws Exception {
      * validate
      */
     public void validate(ConnectContext ctx) throws AnalysisException {
-        tableNameInfo.analyze(ctx.getNameSpaceContext());
-        if (user != null) {
-            user.analyze();
-        }
         // check auth
         if (!Env.getCurrentEnv().getAccessManager()
                 .checkGlobalPriv(ConnectContext.get(), PrivPredicate.GRANT)) {
             ErrorReport.reportAnalysisException(ErrorCode.ERR_SPECIFIC_ACCESS_DENIED_ERROR,
                     PrivPredicate.GRANT.getPrivs().toString());
         }
+        tableNameInfo.analyze(ctx.getNameSpaceContext());
+        if (user != null) {
+            user.analyze();
+            if (!Env.getCurrentEnv().getAuth().doesUserExist(user)) {
+                throw new AnalysisException("user not exist: " + user);
+            }
+        }
     }
 
     public boolean isIfExists() {

diff --git a/...src/test/java/org/apache/doris/nereids/trees/plans/commands/DropRowPolicyCommandTest.java b/...src/test/java/org/apache/doris/nereids/trees/plans/commands/DropRowPolicyCommandTest.java
@@ -20,8 +20,10 @@
 import org.apache.doris.analysis.UserIdentity;
 import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.info.TableNameInfo;
+import org.apache.doris.common.AnalysisException;
 import org.apache.doris.common.jmockit.Deencapsulation;
 import org.apache.doris.mysql.privilege.AccessControllerManager;
+import org.apache.doris.mysql.privilege.Auth;
 import org.apache.doris.mysql.privilege.PrivPredicate;
 import org.apache.doris.qe.ConnectContext;
 import org.apache.doris.utframe.TestWithFeService;
@@ -36,13 +38,15 @@ public class DropRowPolicyCommandTest extends TestWithFeService {
     private ConnectContext connectContext;
     private Env env;
     private AccessControllerManager accessControllerManager;
+    private Auth auth;
     private UserIdentity user;
     private TableNameInfo tableNameInfo;
 
     private void runBefore() throws IOException {
         connectContext = createDefaultCtx();
         env = Env.getCurrentEnv();
         accessControllerManager = env.getAccessManager();
+        auth = env.getAuth();
         user = new UserIdentity("jack", "127.0.0.1", true);
         tableNameInfo = new TableNameInfo("test_db", "test_tbl");
     }
@@ -54,7 +58,26 @@ public void testValidateNormal() throws Exception {
         Mockito.doReturn(true).when(spyAcm).checkGlobalPriv(
                 Mockito.nullable(ConnectContext.class), Mockito.eq(PrivPredicate.GRANT));
         Deencapsulation.setField(env, "accessManager", spyAcm);
+        Auth spyAuth = Mockito.spy(auth);
+        Mockito.doReturn(true).when(spyAuth).doesUserExist(Mockito.any(UserIdentity.class));
+        Deencapsulation.setField(env, "auth", spyAuth);
         DropRowPolicyCommand command = new DropRowPolicyCommand(false, "test_policy", tableNameInfo, user, "role1");
         Assertions.assertDoesNotThrow(() -> command.validate(connectContext));
     }
+
+    @Test
+    public void testValidateUserNotExist() throws Exception {
+        runBefore();
+        AccessControllerManager spyAcm = Mockito.spy(accessControllerManager);
+        Mockito.doReturn(true).when(spyAcm).checkGlobalPriv(
+                Mockito.nullable(ConnectContext.class), Mockito.eq(PrivPredicate.GRANT));
+        Deencapsulation.setField(env, "accessManager", spyAcm);
+        Auth spyAuth = Mockito.spy(auth);
+        Mockito.doReturn(false).when(spyAuth).doesUserExist(Mockito.any(UserIdentity.class));
+        Deencapsulation.setField(env, "auth", spyAuth);
+        DropRowPolicyCommand command = new DropRowPolicyCommand(false, "test_policy", tableNameInfo, user, null);
+        AnalysisException ex = Assertions.assertThrows(AnalysisException.class,
+                () -> command.validate(connectContext));
+        Assertions.assertTrue(ex.getMessage().contains("user not exist"));
+    }
 }
diff --git a/regression-test/suites/query_p0/test_row_policy.groovy b/regression-test/suites/query_p0/test_row_policy.groovy
@@ -90,4 +90,11 @@ suite("test_row_policy") {
           """
           exception "system user"
     }
+
+    test {
+          sql """
+              DROP ROW POLICY policy_01 ON ${tableName} FOR non_exist_user
+          """
+          exception "non_exist_user"
+    }
 }